Handsome Pineapple Mustang

Medium

Wrong implementation of getAllLoans.

Summary

When i == limit - offset - 1, (i + offset + 1) becomes limit, so the check becomes if (limit >= loanID) { break; }. As limit is loanID, this is if (loanID >= loanID), so the break will happen.

Root Cause

https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/DebitaV3Aggregator.sol#L693

function getAllLoans(
    uint offset,
    uint limit
) external view returns (DebitaV3Loan.LoanData[] memory) {
    // return LoanData
    uint _limit = loanID;
    if (limit > _limit) {
        limit = _limit;
    }

    DebitaV3Loan.LoanData[] memory loans = new DebitaV3Loan.LoanData[](
        limit - offset
    );

    for (uint i = 0; i < limit - offset; i++) {
        if ((i + offset + 1) >= loanID) {
            break;
        }
        address loanAddress = getAddressById[i + offset + 1];

        DebitaV3Loan loan = DebitaV3Loan(loanAddress);
        loans[i] = loan.getLoanData();

        // loanIDs start at 1
    }
    return loans;
}
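The boundary case from the Summary, as an added example that is not part of the original report or the Debita code base: a reduced model of the loop with the `>=` break beside a strict `>` comparison. The names `LoanRegistryModel`, `createLoan`, `getDataById`, `pageAsWritten` and `pageInclusive` are hypothetical, and the model assumes `loanID` holds the id of the most recently created loan.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: reduced model of the pagination loop in getAllLoans.
// All names here are hypothetical; loan data is reduced to the loan id.
contract LoanRegistryModel {
    // ASSUMPTION: loanID holds the id of the most recently created loan.
    uint public loanID;
    // Stand-in for getAddressById[...] followed by getLoanData().
    mapping(uint => uint) public getDataById;

    function createLoan() external {
        loanID++; // loanIDs start at 1
        getDataById[loanID] = loanID;
    }

    // Same bounds and break condition as the function quoted above.
    function pageAsWritten(uint offset, uint limit) external view returns (uint[] memory) {
        uint _limit = loanID;
        if (limit > _limit) {
            limit = _limit;
        }
        uint[] memory loans = new uint[](limit - offset);
        for (uint i = 0; i < limit - offset; i++) {
            if ((i + offset + 1) >= loanID) {
                break; // fires at id == loanID; under the assumption, that is the newest loan
            }
            loans[i] = getDataById[i + offset + 1];
        }
        return loans;
    }

    // Same loop with a strict comparison, so id == loanID is still read.
    function pageInclusive(uint offset, uint limit) external view returns (uint[] memory) {
        uint _limit = loanID;
        if (limit > _limit) {
            limit = _limit;
        }
        uint[] memory loans = new uint[](limit - offset);
        for (uint i = 0; i < limit - offset; i++) {
            if ((i + offset + 1) > loanID) {
                break;
            }
            loans[i] = getDataById[i + offset + 1];
        }
        return loans;
    }
}
```

Call `createLoan()` three times, then compare `pageAsWritten(0, 3)` with `pageInclusive(0, 3)`: the first leaves its last slot at the default value because the loop breaks before reading id 3.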

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

No response